lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001101c41bcf$c1049620$27a83644@howard01.md.comcast.net>
From: ltaylor at relevanttechnologies.com (Laura Taylor)
Subject: Training & Certifications

It sounds like this policy went into effect 10/1/03 from the looks of the
posting. This is definitely new and was not on their site when I made my
inquiry which was in 2002. The person was not mistaken as I called twice to
be sure...it is a new policy that they are not verifying...and a good thing.
It's nice to see. Thanks for pointing that out. Laura

-----Original Message-----
From: Exibar [mailto:exibar@...lair.com]
Sent: Monday, April 05, 2004 4:46 PM
To: Ron DuFresne; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Training & Certifications


The person that Laura spoke to was mistaken,  right from their website it
states:

In the interim, (ISC)2 Services, 2494 Bayshore Boulevard, Suite 201,
Dunedin, FL 34698 USA, PH: 1.888.333.4458, FX: 1.727.738.8522, will continue
to respond to any employer requests for (ISC)2 credential holder
verifications. Such requests must be in writing on the employer's company
letterhead and a release signature from the CISSP/SSCP must be included in
the request.

That's found here: https://www.isc2.org/cgi/directory.cgi

  Exibar


----- Original Message -----
From: "Ron DuFresne" <dufresne@...ternet.com>
To: "Dave Howe" <DaveHowe@....sharp-uk.co.uk>
Cc: "Email List: Full Disclosure" <full-disclosure@...ts.netsys.com>; "Laura
Taylor" <ltaylor@...evanttechnologies.com>
Sent: Monday, April 05, 2004 2:16 PM
Subject: Re: [Full-Disclosure] Training & Certifications


>
> [orig snipped]
>
> This was recently posted to the firewall wizards list, and relates to this
> topic;
>
> From: Laura Taylor <ltaylor@...evanttechnologies.com>
> Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third
> position
>     possible?"
> Cc: firewall-wizards@...or.icsalabs.com
> Date: Fri, 2 Apr 2004 10:30:33 -0500
> To: 'Crispin Cowan' <crispin@...spincowan.com>,
>      "'Holt, Philip'" <holtp@...ttleu.edu>
>
> Something curious to know about CISSP is this....
>
> I was thinking of hiring a person with a CISSP and called up ISC2 to
> verify
> if they really were a CISSP. ISC2 told me that they never verify if anyone
> is a CISSP as it is an invasion of the person's privacy. I then asked them
> how could I know for sure if this person really was a CISSP and told them
> that the person was not listed in the CISSP database on the ISC2 web site.
> They then told me that not all CISSPs are listed in the database because
> some don't want to be listed. They told me that the only way to verifiy if
> a person is a CISSP is to ask them for their certificate. I then asked
> them if all certificates look exactly alike and can they tell me how to
> know if a certificate it authenticate. I was told that all certificates do
> not look exactly alike and that they have changed their look over the
> years so there is no way to know if a particular certificate is real or
> not.
>
> After much discussion, it became clear that they were not willing to
> verify if anyone is a CISSP, and that there was no way for anyone to
> really verify this information unless the person chooses to be listed in
> the database on the ISC2 web site. I told them that in my opinion their
> process for certification was not consistent with the concept of "trust,
> but verify" and I ended up not hiring the person I had originally
> interviewed.
>
> If a certification cannot be verified, to me it is worthless. I'd rather
> hire an MCSE because Microsoft is willing to verify all their
> certifications.
>
> The philosophies and ethics of 2600 could possibly be questionable, but I
> dare say that ISC2 is not at all the organization that I once thought it
> to be.
>
> Laura
>
>
>
>
> Thanks,
>
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D.  Just don't touch anything.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ